[publicprivacy]

What exactly is an asset domain? The one you setup to point to the CDN?

[ceejayoz]

Yes. Instead of using pqowieurpqoiwer.cloudfront.net, you can point one of your own subdomains at it. Leaves you in control. The only complexity is SSL certificates - you either have to pay $600/month for a custom cert, or use SNI and ditch some older IEs.

[Xorlev]

They do offer free SSL with SNI. But that's not viable for most people given the number of popular older browsers missing SNI support.

[kbuck]

Browsers that do support SNI include:

IE7+ (unless running on Windows XP)

Firefox 2.0 and later

Opera 8.0 and later

Chrome 6 and later (unless running on Windows XP)

Safari 3.0 and later

Android default browser on Android 3.0 and later (this is probably the biggest chunk of users)

Windows Phone 7

So, realistically, you're looking at people who still use Windows XP (unless they're using Firefox) and people with really old Android phones that'll never receive a manufacturer firmware update.

[micro-ram]

Could you add a global variable to your site code with the fqdn of your assets to point to the origin for times like this?

[sbarre]

$600 per month for what exactly? (honestly asking here)

[ceejayoz]

Without SNI, you need a dedicated IP per certificate. For CloudFront, this means dozens of dedicated IPs around the world just for your distribution.

[sbarre]

Ah, makes sense! Thanks